The consumerization of IT is happening, whether enterprises like it or not.

But a surprisingly small percentage of companies have implemented explicit bring-your-own-device (BYOD) strategies. An estimated 80% of enterprises lack a mobile device management (MDM) system to protect corporate assets on employee-owned devices. With companies liable for mishandled sensitive information, a BYOD strategy is a necessity. What should this strategy encompass?

Let’s look at the five common mistakes made when scoping BYOD policies and guidelines.

Mistake #1: Ignoring Apps

Android phones, iPhones, iPads and other smart devices are all about apps. Thousands of new apps for these platforms are introduced every day, including productivity-boosting apps that are being adopted by businesses. However, if deployed haphazardly, apps can have major consequences for the enterprise.

Apps can include malicious components designed to introduce viruses or steal data. While app stores have various evaluation criteria, it would be risky to assume that all apps are safe for all enterprise environments. The headlines tell the story, with increasing reports of apps that stream information to outside servers for months before detection. Apps must be managed with the aim of securing the business and limiting liabilities.

Another reason for managing applications relates to employee efficiency. “Angry Birds” and other seemingly harmless game apps can steal hours that rapidly multiply with the proliferation of BYOD.

BYOD policies should include restrictions on the types of apps that can reside on employee-owned phones that are used to access corporate resources such as e-mail and calendars. Some apps (i.e., blacklisted apps known to be risky, or productivity-busting gaming apps) should be blocked from use during the employee’s workday. There are MDM solutions available to monitor BYOD apps as well as apps on corporate-owned mobile devices. The best mobile management platforms also offer control over games and apps, with the ability to push out mandatory corporate apps, restrict the use of designated categories of apps, and tailor policies for apps based on organizational groups or job functions.

Mistake #2: Leaving Passwords Up to the Users

Every smart device offers password protection capabilities, but unless IT is overseeing the passwords, many BYOD users will take the easy route and opt out of password controls. The enterprise device management platform should give IT the ability to require passwords, and allow them to determine appropriate levels of complexity for the passwords. The platform should support automatic monitoring of the enterprise-defined lifecycle for passwords, forcing users to regularly change them at company-specified intervals or points in time.

IT password controls can actually be a plus for users, in the event that anyone forgets their password. MDM solutions support remote clearing of passwords, without requiring that the entire contents of the device be wiped.

Mistake #3: Missing Out on The Cost Benefits of Threshold Monitoring

Clearly BYOD assets offer cost benefits to the corporation. The employee pays for the device and maintains liability for payments and plans. However, many enterprises offer stipends or compensation for some portion of the device expense. It makes sense that enterprises would want to know when an employee is reaching a usage threshold that will impose an increased cost on the business. For example, if an employee is offered reimbursement for use of their phone when traveling, the company should be able to monitor and control the use of expensive roaming services.

Minimally, an enterprise should look for a management solution that includes real-time visibility of usage, with the ability to define thresholds and generate automatic alerts when an employee is approaching a set limit. Management solutions vary significantly in this category. Unlike security features, which are considered basic device management features, some platforms completely omit expense management features. By choosing a platform that integrates basic device control with advanced expense management, a business can introduce a BYOD strategy and policies that address security and finances related to BYOD.


Comments

Great post. I would add Mistake #6: Failure to capitalize on opportunity to partner/collaborate with the user base. So often IT faces resistance when implementing new technology. With BYOD that hurdle doesn’t exist. Users love the device in their hand because they picked it. Make the most by collaborating on solutions that fit going forward. There is some great discussion on this at the CIO Collaboration Network.

PJ, this was a good article, and I particularly relate to point # 4 – Failure to Define Device Requirements.

In the Admin office at the hospital I work at, we have the additional burden of meeting HIPAA requirements, particularly since many doctors send and receive patient info via text messaging on their BYOD phones.

This opens the hospital to a HIPAA-related lawsuit if the doctor loses their phone or it is hacked.

In order to deal with the issue, we got the doctors to use Tigertext, which deletes the text messages after a period of time, making it HIPAA compliant.

The problem was that some doctors were not updating or installing it on their phones or new phones.

We implemented a policy to do a monthly phone check to make sure the right version (or any version) of the app (Tigertext) was installed on their phone.

Hi there, the advice to insist upon use of passwords and MDM device management is particularly useful. The other caveat when using these systems is to be careful of the vendor — there are so many of these solutions available out there now it seems prudent to vet your service provider. BYOD is a boomtime for security firms and I don’t think you should take the best sounding offer before vetting a provider for future longevity. Also I came across this slideshare about BYOD security which came from Orange Business, which reinforces lots of your points visually, do hope it is useful: http://www.slideshare.net/orangebusiness/